Securing software package composition information
US12039056B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 10, 2022 |
| Grant date | Jul 16, 2024 |
| Priority date | — |
| Expiry date | Dec 7, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/84
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems, methods, and other embodiments described herein relate to securing software composition information in a software management environment. In one embodiment, a method includes acquiring, in a managing device, identifying information about a software package installed on a remote device, including a unique identifier of an entity associated with the software package, and a secure identifier that combines the unique identifier with a package identifier of the software package. The method includes, responsive to identifying a vulnerability, generating a vulnerability identifier using the unique identifier of the entity and a vulnerability label that identifies a vulnerable package that includes the vulnerability. The method includes comparing the vulnerability identifier with the secure identifier to determine whether the software package includes the vulnerability. The method includes providing a response about the vulnerability when the vulnerability identifier matches the secure identifier.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.